Google removes malware that installed an app every 2 minutes

Google, together with Lookout, a mobile security company, has successfully taken down the auto-rooting malware app that was said to be silently rooting Android devices and installing other apps without user permission.

Robin Sinha | TOI Tech | Updated: June 30, 2016, 09:41 IST


The app, called LevelDropper, was discovered on Google Store by the security firm Lookout last week. It is basically a virtual version of a level calibration tool that users can place on a table or any other surface to check whether it is really flat.

At first glance, LevelDropper looks like a simple app to use. However, as Lookout says in its blog, on running a deeper analysis "it turned out to conceal its malicious behaviour."

The app was found to silently root the device and install 14 apps within 30 minutes of its installation, which works out to almost 1 app every 2 minutes.

After running LevelDropper, the security firm found that new applications such as Gin Rummy, More cast and others started showing up in the app list. These apps were downloaded without even showing a prompt.

Lookout says that it was also not easy to determine whether the app had performed a silent root. The only evidence they could find was that the handset's system partition was writable. Usually it is read-only.
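The indicator described above can be checked against a device's mount table. The following is an added example, not Lookout's tooling or code from the original article: it parses `/proc/mounts` text (for instance as captured with `adb shell cat /proc/mounts`) and reports system mount points that carry the `rw` option. The mount-point names and the sample lines are assumptions constructed for illustration.

```python
# Added example: flag a writable system partition in /proc/mounts text.
# Assumption: the system image is mounted at one of these paths.
SYSTEM_MOUNT_POINTS = ("/system", "/system_root")

# Constructed sample data (not taken from an infected device).
CLEAN = """\
rootfs / rootfs ro,seclabel 0 0
/dev/block/by-name/system /system ext4 ro,seclabel,relatime,errors=remount-ro 0 0
/dev/block/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0
"""
SUSPECT = CLEAN.replace("/system ext4 ro,", "/system ext4 rw,")


def effective_mounts(text):
    """Map mount point -> (device, fstype, options); the last entry wins."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        device, mount_point, fstype, options = fields[:4]
        mounts[mount_point] = (device, fstype, set(options.split(",")))
    return mounts


def writable_system_mounts(text, mount_points=SYSTEM_MOUNT_POINTS):
    """Return (mount_point, device, fstype) for system mounts that are rw."""
    findings = []
    mounts = effective_mounts(text)
    for mount_point in mount_points:
        if mount_point in mounts:
            device, fstype, options = mounts[mount_point]
            # Exact option match rather than a substring search.
            if "rw" in options:
                findings.append((mount_point, device, fstype))
    return findings


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, writable_system_mounts(sample))
```

A hit is an indicator to investigate further rather than proof of rooting on its own, and an empty result does not show the device is clean.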

If you are one of the users who have installed LevelDropper, it is advisable to perform a factory reset to remove the malware. You can also install security apps to detect whether apps are malicious.

Malware attacks are on the rise these days. Recently, a mobile malware called "Godless" affected over 850,000 Android devices worldwide. "Godless" hides inside an app and exploits the root of the operating system (OS) on a user's phone. The app creates admin access to a device, allowing installation of unauthorised apps.